mirror of
https://gitlab.com/fdroid/fdroidserver.git
synced 2024-09-19 03:30:12 +02:00
2374b12a77
This is part of the effort to remove moving parts from the whole build server setup. Why wrap shell scripts in ruby and chef if we can just directly run a shell script?
17 lines
833 B
Bash
17 lines
833 B
Bash
#!/bin/bash
|
|
|
|
# Ubuntu trusty 14.04's paramiko does not work with jessie's openssh's default settings
|
|
# https://stackoverflow.com/questions/7286929/paramiko-incompatible-ssh-peer-no-acceptable-kex-algorithm/32691055#32691055
|
|
|
|
if ! grep --quiet ^Ciphers /etc/ssh/sshd_config; then
|
|
echo Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr >> /etc/ssh/sshd_config
|
|
fi
|
|
|
|
if ! grep --quiet ^MACs /etc/ssh/sshd_config; then
|
|
echo MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,hmac-sha1 >> /etc/ssh/sshd_config
|
|
fi
|
|
|
|
if ! grep --quiet ^KexAlgorithms /etc/ssh/sshd_config; then
|
|
echo KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1 >> /etc/ssh/sshd_config
|
|
fi
|